Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7932 - Vulnerability Database
Magento

Magento Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-7932

High
Reference: CVE-2019-7932
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7932
Title: Magento Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2 and Magento Commerce prior to 1.14.4.2 Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.